[Git][security-tracker-team/security-tracker][master] automatic update

Sat Dec 27 20:13:19 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15d106df by security tracker role at 2025-12-27T20:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2025-54322 (Xspeeder SXZOS through 2025-12-26 allows root remote code execution vi ...)
+	TODO: check
+CVE-2025-15110 (A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7c ...)
+	TODO: check
+CVE-2025-15109 (A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d ...)
+	TODO: check
+CVE-2025-15108 (A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfeb ...)
+	TODO: check
+CVE-2025-15107 (A security vulnerability has been detected in actiontech sqle up to 4. ...)
+	TODO: check
+CVE-2025-15106 (A weakness has been identified in getmaxun maxun up to 0.0.28. The aff ...)
+	TODO: check
+CVE-2025-15105 (A security flaw has been discovered in getmaxun maxun up to 0.0.28. Im ...)
+	TODO: check
 CVE-2025-68952 (Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote ...)
 	NOT-FOR-US: Eigent
 CVE-2025-68948 (SiYuan is self-hosted, open source personal knowledge management softw ...)
@@ -4258,21 +4272,21 @@ CVE-2025-11009 (Cleartext Storage of Sensitive Information vulnerability in Mits
 	NOT-FOR-US: Mitsubishi
 CVE-2025-0852
 	REJECTED
-CVE-2025-14180
+CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
 	{DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj
 	NOTE: Fixed by: https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 (php-8.4.16)
-CVE-2025-14178
+CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
 	{DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2
 	NOTE: Fixed by: https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8 (php-8.4.16)
-CVE-2025-14177
+CVE-2025-14177 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
 	{DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
@@ -11496,6 +11510,7 @@ CVE-2025-13109 (The HUSKY \u2013 Products Filter Professional for WooCommerce pl
 CVE-2025-12887 (The Post SMTP plugin for WordPress is vulnerable to authorization bypa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12819 (Untrusted search path in auth_query connection handler in PgBouncer be ...)
+	{DLA-4422-1}
 	- pgbouncer 1.25.1-1
 	[trixie] - pgbouncer <no-dsa> (Minor issue)
 	[bookworm] - pgbouncer <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d106df0a9ebfe6b7d5b6f8b77e3a95d38871e2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d106df0a9ebfe6b7d5b6f8b77e3a95d38871e2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251227/d170a34b/attachment.htm>
